This repository was archived by the owner on Apr 12, 2021. It is now read-only.

Comparing changes

base repository: NixOS/nixpkgs-channels
base: fab05f17d15e
head repository: NixOS/nixpkgs-channels
compare: a0307bad467e

Commits on Feb 4, 2020

  1. iodine: 1.2.0 -> 2019-09-27

    Adds ipv6 support
    symphorien committed Feb 4, 2020

    Verified

    This commit was signed with the committer’s verified signature.
    primeos Michael Weiss
    2a04e69
  2. network-manager-iodine: 1.2.0 -> 2019-11-05

    the released version is old and cannot reconnect after the first
    connection is closed. This is fixed in master.
    symphorien committed Feb 4, 2020

    Verified

    This commit was signed with the committer’s verified signature.
    primeos Michael Weiss
    683fa30
  3. nixos/iodine: nixpkgs-fmt

    symphorien committed Feb 4, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    7437bff
  4. nixos/iodine: hardening

    symphorien committed Feb 4, 2020
    00a91d9
  5. nixos/iodine: add test

    symphorien committed Feb 4, 2020
    b7f27cb

Commits on Feb 5, 2020

  1. nixos/iodine: improve description of some options

    Co-Authored-By: Martin Weinelt <mweinelt@users.noreply.github.com>
    symphorien and mweinelt authored Feb 5, 2020
    1addf1f
  2. nixos/iodine: fix typo in description

    Co-Authored-By: Martin Weinelt <mweinelt@users.noreply.github.com>
    symphorien and mweinelt authored Feb 5, 2020
    dfa6763
  3. nixos/iodine: improve wording of some descriptions

    Co-Authored-By: Martin Weinelt <mweinelt@users.noreply.github.com>
    symphorien and mweinelt authored Feb 5, 2020
    d2d5d89

Commits on Feb 13, 2020

  1. nixos/iodine: protect passwordFiles with toString

    It should prevent copying the files to a store path
    symphorien committed Feb 13, 2020
    44fd320

Commits on Mar 9, 2020

  1. 12a9715
  2. androidenv: update generate.sh to use nix-shell and fail on error

    Update generate.sh to run using nix-shell. Also make it fail with
    meaningful output instead of writing empty output files.
    
    This is extracted from https://github.com/NixOS/nixpkgs PR 58131.
    
    This relies on the shebang being used.
    tadfisher authored and lucafavatella committed Mar 9, 2020
    6f80983
  3. androidenv: fix system images xsl used in generate.sh

    Updated with fixes for `convertsystemimages.xsl`:
    - Use `type-details/codename` if it exists, falling back to
      `type-details/api-level`: this results in "Q" rather than "28" for
      preview images
    - Use `<xsl:text>` elements to control whitespace in the output.
    
    This is extracted from https://github.com/NixOS/nixpkgs PR 58131.
    tadfisher authored and lucafavatella committed Mar 9, 2020
    d574ea4
  4. androidenv: fix packages xsl used in generate.sh

    Entry `<remotePackage path="cmdline-tools;latest">` resulted in a
    duplicated `"cmdline-tools"."1.0"`.
    lucafavatella committed Mar 9, 2020
    de119ca

Commits on Mar 11, 2020

  1. tomcat7: 7.0.92 -> 7.0.100

    aanderse committed Mar 11, 2020
    78b0222
  2. tomcat8: 8.5.42 -> 8.5.51

    aanderse committed Mar 11, 2020
    22f24f7
  3. tomcat9: 9.0.21 -> 9.0.31

    aanderse committed Mar 11, 2020
    46e7580

Commits on Mar 14, 2020

  1. bitwarden_rs: 1.13.1 -> 1.14

    r-ryantm committed Mar 14, 2020
    1abca66

Commits on Mar 16, 2020

  1. 8efac4f
  2. 795dcf8
  3. Merge pull request #82591 from r-ryantm/auto-update/bitwarden_rs

    bitwarden_rs: 1.13.1 -> 1.14
    Ma27 authored Mar 16, 2020
    656e96b
  4. Merge pull request #82733 from misuzu/zerotierone-armv7l-fix

    zerotierone: fix build on armv7l via gcc9
    zimbatm authored Mar 16, 2020
    70519e5
  5. d467d6c
  6. Merge pull request #82319 from aanderse/tomcat-update

    tomcat: 7.0.92 -> 7.0.100, 8.5.42 -> 8.5.51, 9.0.21 -> 9.0.31
    aanderse authored Mar 16, 2020
    6283b00
  7. sensu-go-agent: 5.14.1 -> 5.18.1

    r-ryantm authored and Jon committed Mar 16, 2020
    58b2b8d
  8. python27Packages.zc_buildout: 2.13.2 -> 2.13.3

    r-ryantm authored and Jon committed Mar 16, 2020
    a5f7fc6
  9. cmt: init at 1.17

    sjfloat authored and Jon committed Mar 16, 2020
    2ff00c4
  10. libkml: init at 1.3.0

    Adding libkml with all tests enabled
    costrouc authored and FRidh committed Mar 16, 2020
    8be2040
  11. aucatctl: init at 0.1

    Allows those who use sndiod to adjust the volume of audio programs.
    S-NA authored Mar 16, 2020
    2f5b8d6
  12. Merge pull request #82067 from lucafavatella/androidenv-generate

    androidenv: enhance script for the generated expressions
    svanderburg authored Mar 16, 2020
    52c89d0
  13. python35Packages.openyx: fix build

    When dropping python 2 support, they also dropped
    python 3.5 support.
    Jonathan Ringer committed Mar 16, 2020
    c2b7261
  14. Merge pull request #79120 from symphorien/iodine

    Iodine: ipv6 support, updates, hardening, nixos test....
    Ekleog authored Mar 16, 2020
    a0307ba
2 changes: 1 addition & 1 deletion doc/languages-frameworks/android.section.md
@@ -235,5 +235,5 @@ package manager uses. To update the expressions run the `generate.sh` script
that is stored in the `pkgs/development/mobile/androidenv/` sub directory:

```bash
sh ./generate.sh
./generate.sh
```
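
Review bot: The fenced command now depends on `generate.sh` being executable and on its shebang finding `nix-shell`, but the sentence above the fence still only says to run the script. Suggest stating the nix-shell requirement in that sentence, so a reader who falls back to `sh ./generate.sh` knows that form bypasses the shebang.
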
163 changes: 102 additions & 61 deletions nixos/modules/services/networking/iodine.nix
@@ -9,6 +9,8 @@ let

iodinedUser = "iodined";

/* is this path made unreadable by ProtectHome = true ? */
isProtected = x: hasPrefix "/root" x || hasPrefix "/home" x;
in
{
imports = [
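
Review bot: `isProtected` is a bare string-prefix test, so it also returns true for unrelated paths such as `/rootfs/...` or `/homes/...`, and it misses `/run/user`, which `ProtectHome = true` hides as well. Matching on `/root/`, `/home/` and `/run/user/` (plus the exact directory names) would relax `ProtectHome` only when the password file really lives in one of those trees. The comment above it could also say that a true result selects `read-only` instead of `true`.
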
@@ -35,45 +37,48 @@ in
corresponding attribute name.
'';
example = literalExample ''
{
foo = {
server = "tunnel.mdomain.com";
relay = "8.8.8.8";
extraConfig = "-v";
{
foo = {
server = "tunnel.mdomain.com";
relay = "8.8.8.8";
extraConfig = "-v";
}
}
}
'';
type = types.attrsOf (types.submodule (
{
options = {
server = mkOption {
type = types.str;
default = "";
description = "Domain or Subdomain of server running iodined";
example = "tunnel.mydomain.com";
};

relay = mkOption {
type = types.str;
default = "";
description = "DNS server to use as a intermediate relay to the iodined server";
example = "8.8.8.8";
};

extraConfig = mkOption {
type = types.str;
default = "";
description = "Additional command line parameters";
example = "-l 192.168.1.10 -p 23";
};

passwordFile = mkOption {
type = types.str;
default = "";
description = "File that contains password";
};
};
}));
type = types.attrsOf (
types.submodule (
{
options = {
server = mkOption {
type = types.str;
default = "";
description = "Hostname of server running iodined";
example = "tunnel.mydomain.com";
};

relay = mkOption {
type = types.str;
default = "";
description = "DNS server to use as an intermediate relay to the iodined server";
example = "8.8.8.8";
};

extraConfig = mkOption {
type = types.str;
default = "";
description = "Additional command line parameters";
example = "-l 192.168.1.10 -p 23";
};

passwordFile = mkOption {
type = types.str;
default = "";
description = "Path to a file containing the password.";
};
};
}
)
);
};

server = {
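
Review bot: The new `passwordFile` description, "Path to a file containing the password.", does not say that the file has to live outside the Nix store; anything in the store is world-readable, which defeats the purpose of a password file. Suggest adding that sentence and an `example` that points outside the store. Separately, the `literalExample` body is not valid Nix as shown: the `foo = { ... }` binding has no terminating `;`, and `tunnel.mdomain.com` differs from the `tunnel.mydomain.com` used in the `server` option's example.
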
@@ -121,31 +126,67 @@ in
boot.kernelModules = [ "tun" ];

systemd.services =
let
createIodineClientService = name: cfg:
{
description = "iodine client - ${name}";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
script = "exec ${pkgs.iodine}/bin/iodine -f -u ${iodinedUser} ${cfg.extraConfig} ${optionalString (cfg.passwordFile != "") "< \"${cfg.passwordFile}\""} ${cfg.relay} ${cfg.server}";
serviceConfig = {
RestartSec = "30s";
Restart = "always";
let
createIodineClientService = name: cfg:
{
description = "iodine client - ${name}";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
script = "exec ${pkgs.iodine}/bin/iodine -f -u ${iodinedUser} ${cfg.extraConfig} ${optionalString (cfg.passwordFile != "") "< \"${builtins.toString cfg.passwordFile}\""} ${cfg.relay} ${cfg.server}";
serviceConfig = {
RestartSec = "30s";
Restart = "always";

# hardening :
# Filesystem access
ProtectSystem = "strict";
ProtectHome = if isProtected cfg.passwordFile then "read-only" else "true" ;
PrivateTmp = true;
ReadWritePaths = "/dev/net/tun";
PrivateDevices = false;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
# Caps
NoNewPrivileges = true;
# Misc.
LockPersonality = true;
RestrictRealtime = true;
PrivateMounts = true;
MemoryDenyWriteExecute = true;
};
};
in
listToAttrs (
mapAttrsToList
(name: value: nameValuePair "iodine-${name}" (createIodineClientService name value))
cfg.clients
) // {
iodined = mkIf (cfg.server.enable) {
description = "iodine, ip over dns server daemon";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
script = "exec ${pkgs.iodine}/bin/iodined -f -u ${iodinedUser} ${cfg.server.extraConfig} ${optionalString (cfg.server.passwordFile != "") "< \"${builtins.toString cfg.server.passwordFile}\""} ${cfg.server.ip} ${cfg.server.domain}";
serviceConfig = {
# Filesystem access
ProtectSystem = "strict";
ProtectHome = if isProtected cfg.server.passwordFile then "read-only" else "true" ;
PrivateTmp = true;
ReadWritePaths = "/dev/net/tun";
PrivateDevices = false;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
# Caps
NoNewPrivileges = true;
# Misc.
LockPersonality = true;
RestrictRealtime = true;
PrivateMounts = true;
MemoryDenyWriteExecute = true;
};
};
};
};
in
listToAttrs (
mapAttrsToList
(name: value: nameValuePair "iodine-${name}" (createIodineClientService name value))
cfg.clients
) // {
iodined = mkIf (cfg.server.enable) {
description = "iodine, ip over dns server daemon";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
script = "exec ${pkgs.iodine}/bin/iodined -f -u ${iodinedUser} ${cfg.server.extraConfig} ${optionalString (cfg.server.passwordFile != "") "< \"${cfg.server.passwordFile}\""} ${cfg.server.ip} ${cfg.server.domain}";
};
};

users.users.${iodinedUser} = {
uid = config.ids.uids.iodined;
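
Review bot: Both `script` lines still assemble the shell command by raw interpolation: the password path is wrapped in hand-written `\"...\"`, and `cfg.relay`, `cfg.server`, `cfg.server.ip` and `cfg.server.domain` are not quoted at all, so a path containing `"` or `$`, or a value containing whitespace, changes the command the unit executes. Suggest `escapeShellArg` for the redirect target and the single-value arguments; `extraConfig` has to stay word-split, which deserves a comment. The hardening attributes are repeated verbatim for the client and the server, so a shared `let` binding merged into each `serviceConfig` would keep them from drifting apart. The `# Caps` section sets only `NoNewPrivileges`; a `CapabilityBoundingSet` limited to what iodine needs for the tun device and the `-u` privilege drop would make that heading accurate.
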
1 change: 1 addition & 0 deletions nixos/tests/all-tests.nix
@@ -135,6 +135,7 @@ in
initrd-network-ssh = handleTest ./initrd-network-ssh {};
initrdNetwork = handleTest ./initrd-network.nix {};
installer = handleTest ./installer.nix {};
iodine = handleTest ./iodine.nix {};
ipv6 = handleTest ./ipv6.nix {};
jackett = handleTest ./jackett.nix {};
jellyfin = handleTest ./jellyfin.nix {};
63 changes: 63 additions & 0 deletions nixos/tests/iodine.nix
@@ -0,0 +1,63 @@
import ./make-test-python.nix (
{ pkgs, ... }: let
domain = "whatever.example.com";
in
{
name = "iodine";
nodes = {
server =
{ ... }:

{
networking.firewall = {
allowedUDPPorts = [ 53 ];
trustedInterfaces = [ "dns0" ];
};
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.ip_forward" = 1;
};

services.iodine.server = {
enable = true;
ip = "10.53.53.1/24";
passwordFile = "${builtins.toFile "password" "foo"}";
inherit domain;
};

# test resource: accessible only via tunnel
services.openssh = {
enable = true;
openFirewall = false;
};
};

client =
{ ... }: {
services.iodine.clients.testClient = {
# test that ProtectHome is "read-only"
passwordFile = "/root/pw";
relay = "server";
server = domain;
};
systemd.tmpfiles.rules = [
"f /root/pw 0666 root root - foo"
];
environment.systemPackages = [
pkgs.nagiosPluginsOfficial
];
};

};

testScript = ''
start_all()
server.wait_for_unit("sshd")
server.wait_for_unit("iodined")
client.wait_for_unit("iodine-testClient")
client.succeed("check_ssh -H 10.53.53.1")
'';
}
)
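
Review bot: `"net.ipv6.ip_forward" = 1;` in the server's `boot.kernel.sysctl` names a key that does not exist; IPv6 forwarding is controlled by `net.ipv6.conf.all.forwarding`. Since `check_ssh -H 10.53.53.1` only talks to the server's own tunnel address over IPv4, either correct the key and add an IPv6 check (the package bump is described as adding IPv6 support) or drop both forwarding entries. The tmpfiles rule also creates `/root/pw` with mode `0666`; `0600` would match how a password file is normally deployed and still exercises the `ProtectHome = "read-only"` path.
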
37 changes: 37 additions & 0 deletions pkgs/applications/audio/aucatctl/default.nix
@@ -0,0 +1,37 @@
{ stdenv, fetchurl, sndio, libbsd }:

stdenv.mkDerivation rec {
pname = "aucatctl";
version = "0.1";

src = fetchurl {
url = "http://www.sndio.org/${pname}-${version}.tar.gz";
sha256 = "524f2fae47db785234f166551520d9605b9a27551ca438bd807e3509ce246cf0";
};

buildInputs = [ sndio ]
++ stdenv.lib.optional (!stdenv.isDarwin && !stdenv.targetPlatform.isBSD)
libbsd;

outputs = [ "out" "man" ];

preBuild = ''
makeFlagsArray+=("PREFIX=$out")
'' + stdenv.lib.optionalString
(!stdenv.isDarwin && !stdenv.targetPlatform.isBSD) ''
makeFlagsArray+=(LDADD="-lsndio -lbsd")
# Fix warning about implicit declaration of function 'strlcpy'
substituteInPlace aucatctl.c \
--replace '#include <string.h>' '#include <bsd/string.h>'
'';

meta = with stdenv.lib; {
description =
"The aucatctl utility sends MIDI messages to control sndiod and/or aucat volumes";
homepage = "http://www.sndio.org";
license = licenses.isc;
maintainers = with maintainers; [ sna ];
platforms = platforms.unix;
};
}
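
Review bot: The two `!stdenv.targetPlatform.isBSD` conditions (in `buildInputs` and in `preBuild`) decide whether to link `libbsd`, which depends on the platform the binary runs on, so they should test `stdenv.hostPlatform`; `targetPlatform` only matters for packages that emit code, such as compilers. Binding the condition once in a `let` would keep the two uses in sync. Minor: `description` should not start with an article and the package name, e.g. "Utility that sends MIDI messages to control sndiod and/or aucat volumes".
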
33 changes: 33 additions & 0 deletions pkgs/applications/audio/cmt/default.nix
@@ -0,0 +1,33 @@
{ stdenv
, fetchurl
, ladspaH
}:

stdenv.mkDerivation rec {
name = "cmt";
version = "1.17";

src = fetchurl {
url = "http://www.ladspa.org/download/${name}_${version}.tgz";
sha256 = "07xd0xmwpa0j12813jpf87fr9hwzihii5l35mp8ady7xxfmxfmpb";
};

buildInputs = [ ladspaH ];

preBuild = ''
cd src
'';

installFlags = [ "INSTALL_PLUGINS_DIR=${placeholder "out"}/lib/ladspa" ];
preInstall = ''
mkdir -p $out/lib/ladspa
'';

meta = with stdenv.lib; {
description = "Computer Music Toolkit";
homepage = "https://www.ladspa.org/cmt";
license = licenses.gpl2;
platforms = platforms.linux;
maintainers = with maintainers; [ sjfloat ];
};
}
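
Review bot: `name = "cmt";` next to `version = "1.17";` produces a derivation named just `cmt`, so the version never reaches the store path; use `pname = "cmt";` and `${pname}_${version}` in the URL. `src` is fetched from `http://www.ladspa.org/...` while `homepage` already uses `https://www.ladspa.org`; the `sha256` pins the content, but if the tarball is served over https as well, the `url` should use it.
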
53 changes: 53 additions & 0 deletions pkgs/development/libraries/libkml/default.nix
@@ -0,0 +1,53 @@
{ stdenv
, fetchFromGitHub
, cmake
, boost
, expat
, zlib
, uriparser
, minizip
, gtest
}:

stdenv.mkDerivation rec {
pname = "libkml";
version = "1.3.0";

src = fetchFromGitHub {
owner = "libkml";
repo = pname;
rev = version;
sha256 = "0gl4cqfps9mzx6hzf3dc10hy5y8smpyf1s31sqm7w343hgsllv0z";
};

nativeBuildInputs = [
cmake
];

cmakeFlags = [
"-DBUILD_TESTING=ON"
];

buildInputs = [
gtest
boost
expat
zlib
uriparser
minizip
];

preCheck = ''
export LD_LIBRARY_PATH=$PWD/lib
'';

doCheck = true;

meta = with stdenv.lib; {
description = "Reference implementation of OGC KML 2.2";
homepage = https://github.com/libkml/libkml;
license = licenses.bsd3;
maintainers = with maintainers; [ costrouc ];
platforms = platforms.all;
};
}
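
Review bot: `gtest` sits in `buildInputs` although it is only needed for the test suite enabled by `-DBUILD_TESTING=ON` and `doCheck = true`; move it to `checkInputs` and make the cmake flag follow `doCheck`, so a build with checks disabled does not pull it in. `homepage = https://github.com/libkml/libkml;` is an unquoted URL literal; quote it as a string, as the other new expressions in this comparison do.
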